.desktop files, serious security hole, virus-friendliness
benny at xfce.org
Mon Apr 3 20:11:28 EEST 2006
Thiago Macieira wrote:
>>I'd propose to optionally include a digital signature for the Exec field
>>(i.e. add an ExecSignature field to the spec) and let the file manager
>>ask the user whether he/she trusts the signee or popup a warning if no
>>signature is present. Distributions should then ship with a good default
>>set of trusted certificates (i.e. for Gnome, KDE, Xfce, etc.), so users
>>shouldn't see the warning unless they're trying to execute a
>>virus.desktop or a .desktop file whose signee is not yet in the trustdb.
> [I'm not trying to shoot your idea down; I'm just raising some discussion
> How would this work for user-created files? Should the desktop
> automatically sign the files? Should we require each and every user to
> have a GPG key?
We could simply use the key of the user if any, and otherwise generate a
key on-the-fly for the user. Once an attacker/virus has access to the
generated key, it's already too late to think about security holes in
.desktop files, so that should work pretty well.
More information about the xdg